We have recently outsourced our IT Support. A major incident occurred on the system and the third party vendor applied a workaround to restore service. The Major Incident breached resolution SLA. The vendor originally had this down as a breach but have advised that they believe the root cause is attributed to another third party there is no conclusive evidence. During the MI and subsequently was not reported to the other vendor via the ITSM or any other method.

However the contract is around incident resolution SLA applicable to restoring the service as quickly as possible and within SLA not RCA. I therefore don't think it matters, we have a specific clause regarding the SLA is measured whilst it is with each vendor and this one was with our main vendor.

Well, if the incident is not restored within the agreed timelines, it should definitely be considered as a breach.

However, in general, as much as I know, if the cause of the breach is attributed to another external or 3rd party vendor or not in scope of the service provider then the breach may be considered to be waived off by the customer. Else, it should be a breach against the service provider and the reasons and actions to prevent the breach could be analysed thereafter.